Minor correction: That’s DNS-over-HTTPS.
I can’t answer that but DNSSEC relates to the integrity (authenticity) of the returned information in the DNS packet (and is itself in the DNS packet) whereas the other things that you are talking about (DoT, DoH v. classical DNS over UDP) relate to the transport of the DNS packet. In an ideal world, the two would be independent i.e. regardless of how your computer received the DNS packet, it either is or is not capable of using the DNSSEC info to verify the DNS packet.
I think that using a DoH service like Google or Cloudflare could be problematic within the mindset of why you might be using PureOS. Handing over all the domain names that you are choosing to look up to Google is just another part of surveillance capitalism. However the essence of open source is that it is your choice.
DNS over HTTPS · curl/curl Wiki · GitHub lists some available public servers and expresses in rather unclear terms whether DNSSEC is supported. Some experimentation may be needed.